Implementation time for Multi Factor Authentication using TOTP

New Here ,
May 04, 2020

Our security team wants us to implement Multi Factor Authentication using a token based system.  I located https://github.com/marcins/cf-google-authenticator which references CF10 and I was pleased because we still haven't been approved to move our app from CF 11 to a supported version, but beyond serving as a sample, has anybody got any idea how long it might take to implement either Google Authenticator OR another token based system?

 

I'm being told that other 2FA methods are not approved (SMS, Email, etc) because they are not secure so they aren't options at this time.

 

Any Advice, Recommendations, or realtime experience (it took us x long) would be appreciated.  I hope this wasn't too vague, I just don't want to put too much in the post.

TOPICS
Advanced techniques, Getting started, Security

Jamo LATEST
Engaged ,
Jun 09, 2020

I recently added TOTP (Time-Based One-Time) to our login framework using the CF-Google-Authenticator CFC using ColdFusion 2016, but it should work with CF9.  It was pretty easy to integrate and worked right out of the box.  It took me a couple hours to refactor, test and roll out.  I also added SMS & Email 2FA at the same time.
https://github.com/marcins/cf-google-authenticator

Regarding using a mobile app, I recommend using Authy over Google Authenticator:
https://authy.com/

 

Here are some best practices when integrating the MFA INPUT field:
https://www.twilio.com/blog/html-attributes-two-factor-authentication-autocomplete

 

 

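The server-side check behind a TOTP login (RFC 6238), as an added Python example that is not part of the original posts and is not the CFC's code: it generates the 6-digit code, accepts one time step of clock drift either way, and refuses a time step that was already used. The function names, the `last_used_step` parameter and the sample secret (the RFC 6238 test key) are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length shown by Google Authenticator and Authy

# Constructed sample secret: the RFC 6238 SHA-1 test key, Base32-encoded
# the way it would be embedded in an enrolment QR code.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret_b32: str, at: float) -> str:
    """Code an authenticator app would display at Unix time `at`."""
    return hotp(base64.b32decode(secret_b32), int(at) // STEP)


def verify(secret_b32: str, code: str, at: float,
           last_used_step: int = -1, window: int = 1):
    """Return the matched time step, or None if the code is rejected.

    The caller stores the returned step per user and passes it back as
    last_used_step, so a code cannot be replayed inside its validity window.
    """
    if len(code) != DIGITS or not code.isascii() or not code.isdigit():
        return None
    secret = base64.b32decode(secret_b32)
    current = int(at) // STEP
    for step in range(current - window, current + window + 1):
        if step <= last_used_step:
            continue  # already consumed: treat as a replay
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(hotp(secret, step), code):
            return step
    return None


if __name__ == "__main__":
    now = 59  # RFC 6238 test time
    code = totp(SAMPLE_SECRET, now)
    step = verify(SAMPLE_SECRET, code, now)
    print(code, step, verify(SAMPLE_SECRET, code, now, last_used_step=step))
```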